WSO2IS Facebook federation - wso2-identity-server

It's possible to use facebook info, and get some information in the local database in the userinhfo api?
Let'me explain, I get name and mail from facebook claim, and I want the userinfo api returns that information, and local information in the local user store.
Becouse I have the user facebook email provisioned in the secondary user store, if the user is in the PRIMARY user store, userinfo works perfectly, there are some way to work with secondary user store. And my secondary user store is a custom implementation of jdbc user store.
Thanks

This is possible to do. What you can do is authenticate the user using wso2 IS. Since you use custom implementation, the claim mapping should be done accordingly. If the claims are not there create custom claims.
Try to use those claims to map the Facebook user information
Or you may want to use facebook SDK to get user information.

Related

facebook api, get access toling without login having user id

I'm trying to understand what is the best way to work with facebook user login. In my app in profile section it's possible for user to sync with facebook, and store it (I'm storing facebook user id in application database), and use GraphApi with provided access token in app afterwards. At this point all is fine.
But when user back to app some time later, to run some GraphApi call he need new access token, and I do not see a way how to get that access token without running user through the same facebook authentication logic with that facebook confirmation dialog.
So the question is it possible to get access token having pre-stored user id without running user again through authentication??? It's a bit weird from user perspective to see all the time that facebook dialog after he already login with facebook and save that once. Also, if facebook require always to confirm login, it seems like from app perspective it does not make sense to store id at all (any way it's possible to get it with each login)???
Also, what if I do not want for users of my app to easily change linked facebook account, but with that facebook pop up, user each time can login through different account. Is that means I need on app side afterwards compare returned id with a stored id and alert user, that he can't change already synchronized facebook account to some other?

WSO2 - Get active sessions for user

We are using WSO2 for authentication (SAML/SSO).
I don't know how to tell if a user is already logged in (in order to prevent concurrent logins). Other SO questions have indicated this is possible to know both with WSO2 IS Analytics and without. I would prefer to not have to run WSO2 IS Analytics as well (this is alluded to here, but never clarified. Further, I can see the IDN_AUTH_SESSION_STORE table being populated and referred to during login, but that is using SESSION_ID (which is passed by the commonAuth cookie).
So I'm looking for a direct answer to this question: during the Auth flow, how can we tell if the given user is already logged in?
Without using the analytics, querying logged in user sessions by a user is not supported out of the box in WSO2 Identity Server. Let me explain why.
When a user authenticates with the WSO2 Identity Server, a session is created. These sessions are stored as session context objects, against the commonAuthId cookie in WSO2 implementation. Information about the logged in user is inside these session objects. Therefore if we want to get the session for a particular user, we have to query all active sessions and go through all of them one by one matching the user.
As an alternative, you can write a custom data publisher module which persists session data against each user and then you can use these data to prevent concurrent logins. I have a blog post written for this exact use case.
Hope this helps.

Accessing user_ID via messenger bot

I'm using the Graph API, but I can't figure out how to get a logged-in users ID address.
The intro to Graph states "The Graph API can provide access to all of the basic account registration data you would typically request in a sign-up form for your site, including name, email address, profile picture, and birthday" but to access them i need user_ID so how could i get it ?
https://developers.facebook.com/tools/explorer/?method=GET&path=me%3Ffields%3Did%2Cname&version=v3.0
You need to have a token from the user, check out the given link. You can see what informations you can access if you give permission to your own profile.
This ID is unique to each app and cannot be used across different apps.

Database table structure for storing SSO information for FB or Google+

I have a web application that I would like to add single sign on capability using user's Facebook or Google+/Google App account.
I have a USERS table that stores users login information. All users are required to have a record in this table no matter if they signed up using FB or Google+.
I am trying to figure out the information that I need to store in the database in order to link USERS table records to FB or Google information.
Facebook documentation states:
the app should store the token in a database along with the user_id
to identify it.
So should I create a table called SSO_LOOKUP with following columns:
USER_ID // user's id that links to my USER table
PROVIDER_ID // user's FB or Google account id
PROVIDER_TYPE // indicates if it is Google, FB, Twitter, etc.
ACCESS_TOKEN
For SSO login definitely you need to have your user_id and some basic details which allow you to connect to FB or google
provider: "it will be either FB or Google or anything in future"
token: "This token we receive from FB and Google. In case of FB it
expires after 3 months or so where as it does not expire for google
as per my knowledge"
token_expired:" As In FB token expires after a time so you can have
this flag in place if you need to refresh it after that duration"
user_id: "This is your User id:
uniqueid: "This is the Unique ID which you will get from FB and Google.
That helps to identify your user in FB/Google"
These are the minimum fields you can add and these will even help you to scale your app. In the sense if you want to pull or push data from google and FB at that time Access_token and unique_id will help you.
Also incase you want to see some publish source then you can see some of the code on github e.g.
django-social-auth
For some details you can refer google documentation and Google OAuth2
Hope this will help.
Technically speaking all you really need to store is the Refresh Token and some kind of flag type identifier that tells you if its a Facebook or Google Refresh Token. Then you can query the API for what ever information you need. Storing the User Id would be a good idea becouse if they logout then reauth you will still know who it is even though the refresh token has changed. anything else is kind of over kill really as you will be getting that information back from the API anyway when you make your calls.
You could if you want store there Name and most recent picture that might be nice to display before you have fetched there information. Then update any changes to your data after you access the API for the first time. But its basically up to you how you want to design things, and what kind of application we are talking about here.

Using Facebook to login / register - how to still get local user details from my database?

I want my sites users to be able to use facebook to create an account and login
I will gather additional details from the user once they have logged in (id, name, link, etc.) and create a local application database entry for the user.
For future logins, how would i handle the fact that their local db record will now exist?
How do I use the facebook login to return and be able to get the local db user details?
Yes, authenticating through other providers (openAuth is a biggy too and more generic) is getting quick common.
Here is the facebook info on how to do it with them:
http://developers.facebook.com/docs/authentication/signed_request/